diff --git a/2017/2017.02.15.iranian-pupyrat-bites-middle-eastern-organizations/iranian-pupyrat-bites-middle-eastern-organizations.pdf b/2017/2017.02.15.iranian-pupyrat-bites-middle-eastern-organizations/iranian-pupyrat-bites-middle-eastern-organizations.pdf
new file mode 100644
index 0000000..c946d88
Binary files /dev/null and b/2017/2017.02.15.iranian-pupyrat-bites-middle-eastern-organizations/iranian-pupyrat-bites-middle-eastern-organizations.pdf differ
diff --git a/README.md b/README.md
index ce9a98d..24ae455 100644
--- a/README.md
+++ b/README.md
@@ -17,6 +17,7 @@ Please fire issue to me if any lost of APT/Malware events/campaigns.
 * Feb 17 - [ChChes - Malware that Communicates with C&C Servers Using Cookie Headers](http://blog.jpcert.or.jp/2017/02/chches-malware--93d6.html) [Local](../../blob/master/2017/2017.02.17.chches-malware)
 * Feb 15 - [Deep Dive On The DragonOK Rambo Backdoor](http://www.morphick.com/resources/news/deep-dive-dragonok-rambo-backdoor) | [Local](../../blob/master/2017/2017.02.15.deep-dive-dragonok-rambo-backdoor)
 * Feb 15 - [The Full Shamoon: How the Devastating Malware Was Inserted Into Networks](https://securityintelligence.com/the-full-shamoon-how-the-devastating-malware-was-inserted-into-networks/) | [Local](../../blob/master/2017/2017.02.15.the-full-shamoon)
+* Feb 15 - [Iranian PupyRAT Bites Middle Eastern Organizations](https://www.secureworks.com/blog/iranian-pupyrat-bites-middle-eastern-organizations) | [Local](../../blob/master/2017/2017.02.15.iranian-pupyrat-bites-middle-eastern-organizations)
 * Feb 14 - [Operation Kingphish: Uncovering a Campaign of Cyber Attacks against Civil Society in Qatar and Nepal](https://medium.com/amnesty-insights/operation-kingphish-uncovering-a-campaign-of-cyber-attacks-against-civil-society-in-qatar-and-aa40c9e08852#.cly4mg1g8) | [Local](../../blob/master/2017/2017.02.14.Operation_Kingphish)
 * Feb 10 - [Enhanced Analysis of GRIZZLY STEPPE Activity](https://www.us-cert.gov/sites/default/files/publications/AR-17-20045_Enhanced_Analysis_of_GRIZZLY_STEPPE_Activity.pdf)  | [Local](../../blob/master/2017/2017.02.10.Enhanced_Analysis_of_GRIZZLY_STEPPE)
 * Feb 02 - [Oops, they did it again: APT Targets Russia and Belarus with ZeroT and PlugX](https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx) | [Local](../../blob/master/2017/2017.02.02.APT_Targets_Russia_and_Belarus_with_ZeroT_and_PlugX)